SECURITY ENGINEERING 2 April 2013 William W. McMillan.

Slides:



Advertisements
Similar presentations
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Advertisements

Mr C Johnston ICT Teacher
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.
Lecture 11 Reliability and Security in IT infrastructure.
Network Security Peter Behrens Seth Elschlager. Computer Security Preventing unauthorized use of your network and information within that network. Preventing.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Factors to be taken into account when designing ICT Security Policies
Security Guidelines and Management
Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.
Security. If I get 7.5% interest on $5,349.44, how much do I get in a month? (.075/12) = * 5, = $ What happens to the.004? =
The Impact of Physical Security on Network Security
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.
Security of Data. Key Ideas from syllabus Security of data Understand the importance of and the mechanisms for maintaining data security Understand the.
BUS1MIS Management Information Systems Semester 1, 2012 Week 7 Lecture 1.
FIVE STEPS TO REDUCE THE RISK OF CYBERCRIME TO YOUR BUSINESS.
CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.
BUSINESS B1 Information Security.
Security and backups GCSE ICT.
Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.
1.Too many users 2.Technical factors 3.Organizational factors 4.Environmental factors 5.Poor management decisions Which of the following is not a source.
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.
Cyber Security Anchorage School District – 7 th grade Internet Safety.
Figures – Chapter 14. Figure 14.1 System layers where security may be compromised.
Chapter 13 Understanding E-Security. 2 OBJECTIVES What are security concerns (examples)? What are two types of threats (client/server) Virus – Computer.
System Security Chapter no 16. Computer Security Computer security is concerned with taking care of hardware, Software and data The cost of creating data.
Operating system Security By Murtaza K. Madraswala.
Course code: ABI 204 Introduction to E-Commerce Chapter 5: Security Threats to Electronic Commerce AMA University 1.
Introduction to Computer Security PA Turnpike Commission.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
SECURITY OF DATA By: ADRIAN PERHAM. Issues of privacy; Threats to IT systems; Data integrity; Standard clerical procedures; Security measures taken to.
McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved INFORMATION SECURITY SECTION 4.2.
1 Network and E-commerce Security Nungky Awang Chandra Fasilkom Mercu Buana University.
Lesson 19-E-Commerce Security Needs. Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security.
IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.
Security Policies. Threats to security and integrity  Threats to information systems include  Human error –keying errors, program errors, operator errors,
Quality of Information System (IS) reflecting local correctness and reliability of the operating system; the logical completeness of the hardware and software.
13LECTURE NET301 11/23/2015Lect13 NET THE PROBLEM OF NETWORK SECURITY The Internet allows an attacker to attack from anywhere in the world from.
Data Security. Unauthorized Access Natural disaster Accidentals Destruction ( Hard ware failure )
Security Risks Viruses, worms, Trojans Hacking Spyware, phishing Keylogging Online fraud Identity theft DOS (Denial of Service attacks.
Access Control / Authenticity Michael Sheppard 11/10/10.
Security Distributed Systems Lecture # 14. Why care about security? Authentication Use another person’s ID for sending Non-repudiation E-commerce.
Computer Security By Duncan Hall.
“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.
Mr C Johnston ICT Teacher BTEC IT Unit 09 - Lesson 11 Network Security.
Information Systems Design and Development Security Precautions Computing Science.
Onsite CRM Security
Securing Information Systems
What they are and how to protect against them
BUSINESS DRIVEN TECHNOLOGY
ISSeG Integrated Site Security for Grids WP2 - Methodology
Design for Security Pepper.
Secure Software Confidentiality Integrity Data Security Authentication
Lesson Objectives Aims You should be able to:
Operating system Security
The Security Problem Security must consider external environment of the system, and protect it from: unauthorized access. malicious modification or destruction.
Business Risks of Insecure Networks
Answer the questions to reveal the blocks and guess the picture.
Computer Security Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Securing Information Systems
Done BY: Zainab Sulaiman AL-Mandhari Under Supervisor: Dr.Tarek
INFORMATION SYSTEMS SECURITY and CONTROL
Lorenzo Biasiolo 3°AI INFORMATION SECURITY.
Net301 LECTURE 11 11/23/2015 Lect13 NET301.
Presentation transcript:

SECURITY ENGINEERING 2 April 2013 William W. McMillan

What are the main reinforcements for breaking into software systems? Name three distinct populations of people who do this.

Ways People Use the Term “Risk”  Something bad that could happen:  “There’s a risk of brake failure.”  The probability that something bad could happen:  “The risk of brake failure is 0.01%.”  The cost of something bad happening:  “If the brakes fail, we risk passenger deaths.”  We can’t really regulate everyday language.

Ways to Mitigate Risk  Identify vulnerabilities, threats, and hazards…  …then head each one off at the pass.  Establish engineering practices that will lead to reliable software.  The first approach by itself can’t keep the bad guys out.  You can’t find every vulnerability or anticipate every attack.

List three to five typical kinds of attacks on software.

Ways to Attack abc123 Using Users Surprise Packages Picking Locks Faking/Stealing Credentials Stealing Data Observing Behavior Ganging Up As a Customer By Insider

What Can Be Attacked  Operating system  Databases  Financial records  Infrastructure  Communications  Dedicated servers  Application code  Application data

Describe a recent successful attack on a software system.

User Authentication  Who has access to what?  Security policy is defined by client or management.  Need to ensure that you give users the right level of access.  Operational concern.  But there are some design implications.  UI should not lead someone to, e.g., accidentally give a new engineer access to the firm’s personnel records.  or other communication to user to report transaction, password change, etc.

User Credentials  User name and password  Making 3M rich (they make Post-it Notes)…  … which is where many passwords live.  Physical cards or other object to plug into computer  Security questions  How hard is it to get people’s mother’s maiden name?  Does a friend know what the model of your first car was?  Biometrics  Retinal scans, fingerprints, voice,…

Is it a good idea to require users to change passwords every six months or so? Should passwords be required to be like this: fH7*iM(sqjX ?

Data Protection  Encryption  Fire walls  Multiple sites  In case someone corrupts databases at one site.  Checksums, consistency, or other integrity tests  Monitoring of access and traffic  User authentication  Validation of inputs  Providing read-only access when you can.

Is the client-server model good for protecting data in an organization?

Function Protection  Scan for viruses and worms.  Monitor activity.  Prevent “backdoors” and “hooks” in code.  Engineering process issue  Beware of reused software.  “You don’t know where that thing has been…”  Configure carefully when install or change.  Can change access or visibility.

A small dental practice has a home- grown information system and they’ve hired you to improve its security. What six or so steps would you take before making changes?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.